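#!/usr/bin/env bash
################################################################################
### Script deploying the Observ-K8s environment
### Parameters:
### --clustername     : name of your k8s cluster
### --dturl           : url of your DT tenant without any / at the end,
###                     for example: https://dedede.live.dynatrace.com
### --dtingesttoken   : Dynatrace api token with ingest metrics and otlp ingest scope
### --dtoperatortoken : Dynatrace operator token (stored in the dynakube secret)
###
### Optional environment variable: CLUSTERID is copied into the "dynatrace"
### secret. No command-line option sets it, so it is empty unless the caller
### exports it.
###
### The script edits dynatrace/dynakube.yaml and opentelemetry/deploy_1_11.yaml
### in place (sed -i), so run it from the repository root on a fresh checkout.
################################################################################
set -euo pipefail

#######################################
# Print an error message to stderr and exit with status 1.
# Arguments: $* - message (printed after the "Error: " prefix)
#######################################
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Escape a value for use as the replacement of a "s,PATTERN,REPL," sed command.
# Backslash, '&' and the ',' delimiter have a special meaning there and would
# otherwise corrupt the substitution (or inject further sed commands).
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
#######################################
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&,]/\\&/g'
}

### Pre-flight checks for dependencies
for tool in jq git helm kubectl; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    printf '%s\n' "Please install $tool before continuing" >&2
    exit 1
  fi
done

echo "parsing arguments"
# Defaults: an exported environment variable is honoured when the matching
# option is absent; under "set -u" the variables must exist before they are read.
DTOPERATORTOKEN="${DTOPERATORTOKEN:-}"
DTTOKEN="${DTTOKEN:-}"
DTURL="${DTURL:-}"
CLUSTERNAME="${CLUSTERNAME:-}"
CLUSTERID="${CLUSTERID:-}"
while [ $# -gt 0 ]; do
  case "$1" in
    --dtoperatortoken|--dtingesttoken|--dturl|--clustername)
      # Without a value "shift 2" fails and the loop would never advance.
      [ $# -ge 2 ] || die "option $1 requires a value"
      case "$1" in
        --dtoperatortoken) DTOPERATORTOKEN="$2" ;;
        --dtingesttoken)   DTTOKEN="$2" ;;
        --dturl)           DTURL="$2" ;;
        --clustername)     CLUSTERNAME="$2" ;;
      esac
      shift 2
      ;;
    *)
      echo "Warning: skipping unsupported option: $1"
      shift
      ;;
  esac
done

echo "Checking arguments"
[ -n "$CLUSTERNAME" ] || die "clustername not set!"
[ -n "$DTURL" ] || die "Dt url not set!"
[ -n "$DTTOKEN" ] || die "Data ingest api-token not set!"
[ -n "$DTOPERATORTOKEN" ] || die "DT operator token not set!"
# The tenant url is documented without a trailing slash; drop one if present so
# "$DTURL/api" below does not become "https://tenant//api".
DTURL="${DTURL%/}"

#### Deploy ingress-nginx with OpenTelemetry and metrics enabled
helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace \
  --set controller.opentelemetry.enabled=true \
  --set controller.metrics.enabled=true \
  --set-string 'controller.podAnnotations.prometheus\.io/scrape=true' \
  --set-string 'controller.podAnnotations.prometheus\.io/port=10254'

#### Deploy the cert-manager
echo "Deploying Cert Manager ( for OpenTelemetry Operator)"
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.yaml
# Wait for pod webhook started
kubectl wait pod -l app.kubernetes.io/component=webhook -n cert-manager --for=condition=Ready --timeout=2m
# Grace period kept from the original script — presumably so the cert-manager
# webhook is reachable before the operator manifests are applied; confirm.
sleep 10

# Deploy the opentelemetry operator
echo "Deploying the OpenTelemetry Operator"
# NOTE(review): "latest" is not pinned, so two runs of this script may install
# different operator versions; pin a release tag for reproducible deployments.
kubectl apply -f https://github.com/open-telemetry/opentelemetry-operator/releases/latest/download/opentelemetry-operator.yaml

#### Deploy the Dynatrace Operator
# "create namespace" fails once the namespace exists; applying a client-side
# rendering keeps the script re-runnable.
kubectl create namespace dynatrace --dry-run=client -o yaml | kubectl apply -f -
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v1.2.2/kubernetes.yaml
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v1.2.2/kubernetes-csi.yaml
kubectl -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300s
# The tokens are passed on stdin so they do not appear on kubectl's command
# line (visible in ps output and process accounting); "apply" also makes the
# step idempotent where "create secret" would fail on a re-run.
kubectl -n dynatrace apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: dynakube
  namespace: dynatrace
type: Opaque
stringData:
  apiToken: "$DTOPERATORTOKEN"
  dataIngestToken: "$DTTOKEN"
EOF
dturl_esc=$(sed_escape "$DTURL")
clustername_esc=$(sed_escape "$CLUSTERNAME")
sed -i "s,TENANTURL_TOREPLACE,${dturl_esc}," dynatrace/dynakube.yaml
sed -i "s,CLUSTER_NAME_TO_REPLACE,${clustername_esc}," dynatrace/dynakube.yaml

### get the ip address of ingress ####
IP=""
while [ -z "$IP" ]; do
  echo "Waiting for external IP"
  # "// empty" yields "" instead of a jq error while .ingress is still null;
  # "|| IP=" keeps a transient kubectl failure from aborting the script under set -e.
  IP=$(kubectl get svc ingress-nginx-controller -n ingress-nginx -ojson \
    | jq -r '.status.loadBalancer.ingress[0].ip // empty') || IP=""
  [ -n "$IP" ] || sleep 10
done
echo "Found external IP: $IP"

# Quoted heredoc delimiter: "$request_method", "$service_name" and "$uri" are
# nginx variables and must reach the ConfigMap literally, not be expanded here.
kubectl replace -n ingress-nginx -f - <<'EOF'
apiVersion: v1
kind: ConfigMap
data:
  enable-opentelemetry: "true"
  opentelemetry-operation-name: "HTTP $request_method $service_name $uri"
  opentelemetry-trust-incoming-span: "true"
  otlp-collector-host: "otel-collector.default.svc.cluster.local"
  otlp-collector-port: "4317"
  otel-max-queuesize: "2048"
  otel-schedule-delay-millis: "5000"
  otel-max-export-batch-size: "512"
  otel-service-name: "nginx-proxy" # Opentelemetry resource name
  otel-sampler: "AlwaysOn" # Also: AlwaysOff, TraceIdRatioBased
  otel-sampler-ratio: "1.0"
  otel-sampler-parent-based: "false"
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
EOF
kubectl rollout restart deployment ingress-nginx-controller -n ingress-nginx

### Update the ip address for the ingress
#TODO to update this part to create the various Gateway rules
ip_esc=$(sed_escape "$IP")
sed -i "s,IP_TO_REPLACE,${ip_esc}," opentelemetry/deploy_1_11.yaml

#### Deploy Falco with Falcosidekick
helm repo add falcosecurity https://falcosecurity.github.io/charts --force-update
helm repo update
# The Dynatrace api url and token are supplied through a values document on
# stdin rather than --set, so the token is not on helm's command line and a ','
# in the url cannot be misread as a --set separator.
# checkcert=false disables TLS certificate verification for the OTLP and
# Dynatrace exporters; it is kept from the original configuration — set it to
# true wherever the endpoints present a trusted certificate.
helm upgrade --install falco falcosecurity/falco \
  --namespace falco --create-namespace \
  --set driver.kind=modern_ebpf \
  --set tty=true \
  --set collectors.kubernetes.enabled=true \
  --set falco.json_output=true \
  --set metrics.enabled=true \
  --set falcosidekick.enabled=true \
  --set falcosidekick.config.otlp.traces.checkcert=false \
  --set falcosidekick.config.otlp.traces.endpoint=http://otel-collector.default.svc.cluster.local:4318/v1/traces \
  --set falcosidekick.config.otlp.traces.minimumpriority=debug \
  --set falcosidekick.config.otlp.traces.protocol=grpc \
  --set falcosidekick.config.otlp.traces.synced=true \
  --set falcosidekick.config.dynatrace.minimumpriority=debug \
  --set falcosidekick.config.dynatrace.checkcert=false \
  --set falcosidekick.webui.enabled=true \
  -f - <<EOF
falcosidekick:
  config:
    dynatrace:
      apiurl: "$DTURL/api"
      apitoken: "$DTTOKEN"
EOF

#Deploy collector
# No namespace in the manifest: like the original "kubectl create secret", the
# secret lands in the current kubeconfig context's namespace.
# NOTE: CLUSTERID is never set by an option above (see header) and is written
# as-is, possibly empty.
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: dynatrace
type: Opaque
stringData:
  dynatrace_oltp_url: "$DTURL"
  clustername: "$CLUSTERNAME"
  clusterid: "$CLUSTERID"
  dt_api_token: "$DTTOKEN"
EOF
# --overwrite: re-labelling an already labelled namespace is otherwise an error.
kubectl label namespace default oneagent=false --overwrite
kubectl apply -f opentelemetry/rbac.yaml
kubectl apply -f opentelemetry/openTelemetry-manifest_statefulset.yaml
kubectl apply -f opentelemetry/openTelemetry-manifest_ds.yaml

#deploy demo application
kubectl apply -f dynatrace/dynakube.yaml -n dynatrace
kubectl create namespace otel-demo --dry-run=client -o yaml | kubectl apply -f -
kubectl label namespace otel-demo oneagent=false --overwrite
kubectl apply -f opentelemetry/deploy_1_11.yaml -n otel-demo
kubectl create namespace goat-app --dry-run=client -o yaml | kubectl apply -f -
kubectl label namespace goat-app oneagent=false --overwrite
kubectl apply -f k8sGoat/hunger_check.yaml
kubectl apply -f k8sGoat/health_check.yaml -n goat-app
kubectl apply -f k8sGoat/internal_proxy.yaml -n goat-app
kubectl apply -f k8sGoat/kube_bench_node.yaml -n goat-app
kubectl apply -f k8sGoat/kube_bench_security.yaml -n goat-app
kubectl apply -f k8sGoat/system-monitor.yaml -n goat-app
kubectl apply -f k8sGoat/unsafejob.yaml -n goat-app
helm repo add bitnami https://charts.bitnami.com/bitnami --force-update
# "upgrade --install" instead of "install": a second run no longer fails with
# "cannot re-use a name that is still in use".
helm upgrade --install unguard-mariadb bitnami/mariadb --version 11.5.7 \
  --set primary.persistence.enabled=false --wait --namespace unguard --create-namespace
helm upgrade --install unguard oci://ghcr.io/dynatrace-oss/unguard/chart/unguard \
  --wait --namespace unguard --create-namespace

#Deploy the ingress rules
echo "--------------Demo--------------------"
echo "url of the demo: "
echo " otel-demo : http://oteldemo.$IP.nip.io"
echo "========================================================"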